I'm trying to implement anonymous read-only access to files stored in Google Drive via the Drive JS API. The Google Drive belongs to a Service Account and all files are configured to permit public read-only access. Anyone with the URL can currently access the Drive UI (in a web browser) and view these files without authentication.
My goal is to show information about these files on a separate web page using data retrieved via JS API, however it appears that Google only supports access to the API if the API client (the web page) is authenticated or the end user (the viewer of a web page) is authenticated via OAuth. Given that the files are already public it seems like it should be possible to provide anonymous read-only access via the API.
There are examples of an API client authenticating using a credentials JSON file containing credentials for a Service Account, instead of requiring the end user to authenticate via OAuth, but this requires the client to submit a JSON file when authenticating. As this is a web page I would need to embed the credentials JSON (including Private Key) in my public-visible source and this is not a good idea.
One option is to write my own API that authenticates (server-side) with Google Drive using a credentials JSON file and essentially proxies anonymous requests from my web page to the Google Drive API, but that seems like too much work for something that I believe should be simple.
Is there any way to provide anonymous read-only access to public Google Drive files via the JS API?
Related
I am building an app using Google Drive API and store data in the user's appdata space in the user's Google Drive. This way we can store data to avoid user accidentally delete since it's hidden from the user's view https://developers.google.com/drive/api/guides/appdata
Question: can other apps (maybe even hacker) using the same API and pretend to be our app to fetch the our app data?
If you check the documentation found on Store application-specific data . You will find it states.
This folder is only accessible by your application and its contents are hidden from the user and from other Drive apps.
Only your app or rather your client id can access the files that it created.
I am looking for a solution on the mentioned issues below. I would be grateful if someone could help us on this.
UPLOADING FILES DIRECTLY ON GOOGLE DRIVE SERVICE ACCOUNT FROM BROWSER WITHOUT USER AUTHENTICATION.
We would like to use our Google Drive Service Account as a storage instead of our Web Server disk space.
We are currently using DropzoneJS and Custom JS to upload files directly to our Web Server.
After that we are using Google Drive PHP SDK to upload those files on our Google Drive Service Account using Google Drive API.
Looking for Solution: We would like our users to upload files directly to our Google Drive Service Account without authenticating using their own Google account.
Is there a way for our users so they can upload files directly to our Google Drive Service Account by implementing JavaScript.
Looking forward to hearing from the helping genius.
Yes, by using Google Service Accounts you've just mentioned. Following Google service account guide you'll need to Setup a Service Account in Google Developer Console first.
Sign-in to Google API Console.
Create new project or use an existing one.
Enable Google Drive API
ClicK "Credentials" and "Create new oAuthClientID".
Select "Service account" and create new Client ID.
You will choose be asked to download your private key in JSON or P12 format.
After private key download, a password for accessing it will be shown in pop-up. Make sure you dont forget it.
Keep the private key in an accessible location, you'll be needing it later for your app.
After that you will see "Client ID" and "Email address" for your application.
Go to you Google Drive. Create some folder, and open "Sharing settings" for it.
Add your service email to the list of allowed users and allow it to edit the contents of that folder.
Remember your Drive folder ID like 0Bzgk4zccLwI7nXpRNG1yeDNxrYPU from drive.google.com/drive/folders/0Bzgk4zccLwI7nXpRNG1yeDNxrYPU.
After the setup, it's time to prepare making authorized API calls using JWT. Additional info that might help with the guide is a relevant post found here.
I have a webapp, mywebapp.com, that successfully gets user permission to access Google Drive, mostly following examples for server-side flow here:
https://developers.google.com/drive/web/auth/web-server
I successfully upload, then access those SAME files.
However, what I really want to do is access OTHER files, in particular Google Docs docs. Can this be done, and how?
If not, can it be done with client-side flow using regular JavaScript (not Google's hosted scripts)?
What your app can and cannot see is determined by the scope. The possible values are enumerated here https://developers.google.com/drive/web/scopes
I'm integrating our web app with Google Drive, and got stuck on configuring the conections initiated by the Google Drive UI.
We allow users to open and create files from Drive, but every time OAuth2 session is initiated from the Drive page, it asks for access to files (looks like drive.file scope, which is already given), and also to "Perform these operations when I'm not using the application". I assume the re-authentication is requested because of the offline access, which we never request and don't need. I'd rather not ask users for this if not necessary.
I could not find a way to disable this from the Google API Console. Is there a way to configure the OAuth2 url for sessions initiated from Google Drive UI and set the access_type?
Or, if that is not the issue, what causes the "Perform these operations when I'm not using the application" and constant re-authorisation when files are opened?
if it helps with troubleshooting, the APP id is 399581875395
Answered in Opening file from google drive always requests offline access
Looks like I found a solution for this.
This message will keep appearing if you don't do step2 of the OAuth2 flow with the same client_id and client_secret.
#app.route('/open')
def drive_open_file():
code = request.args.get('code')
if code:
credentials = credentials_from_code("client", "secret",
"https://www.googleapis.com/auth/drive.file",
code,
redirect_uri="<WEBSITE>/open")
I would like to build an external asp.net mvc application that has the following features:
The application is accessible via its own domain such as www.itsowndomain.com
The application has access to one Google account (such as itsownaccount#gmail.com) where all the files are stored in the Drive folder. So the users of the application should not have to log into their own Google accounts in order to access the files from this application. The application needs to have automatic access to this (itsownaccount#gmail.com)'s google Drive, that process should be transparent to the user, they should never have to authenticate themselves, its should all happen in the code in the background when the application loads.
The application will use Google Picker to list the files that are in (itsownaccount#gmail.com)'s google Drive folder.
My questions are as follows:
Is what I am trying to do possible, basically using Google Drive as a storage of files and downloading them, uploading new ones and possible editing some from an external application?
Can I use one account because all the files should be publicly available so I do not want users to have to be thinking about authentication in a site just so they can view publicly accessible files?
How do I go about implementing this, is there a tutorial because the ones I have looked at all differ as they mostly try authenticate each user with their own Google account?
you can use Google Drive as the storage solution for your application, check the Google Drive SDK: https://developers.google.com/drive/
Google Drive application usually rely on the users' accounts to store their files, but nothing prevents you from using your account to store all files and make them publicly accessible
there's an ASP.NET MVC tutorial and sample app at https://developers.google.com/drive/examples/dotnet, however, it authenticates each user with his own account. You can start from it and replace the standard OAuth flow with one that always uses your credentials, for instance, by always using a Refresh token that you generated in advance and provided to the app.